THREAT HUNTER

ENVIRONMENT INTELLIGENCE

INACTIVE

LEARNING MODE

Orchestrated learning mode discovers your network environment through automated scanning, packet capture, and baseline building. Results are ingested into the RAG for AI context.

READY TO START
Configure settings below and start learning
Packets Captured: 0
Data Processed: 0 B
Unique IPs: 0
Unique Ports: 0

Learning Configuration

Run nmap to discover hosts and services on configured subnets

Collect detailed host info via SSH (requires configured credentials)

Periodically ingest discovered data to vector store during capture (interval configured in RAG Status tab)

SSH KEY MANAGEMENT

Manage SSH keys for passwordless access to remote hosts during learning and scanning. Deploy keys to hosts to enable automated security assessments.

SSH Key Pair

NOT GENERATED

Deploy Key to Host

Enter host credentials to automatically deploy the SSH key. The password is used once for deployment and is not stored.

Managed SSH Hosts

IP Address | Hostname | Username | Port | Status | Last Connected | OS | Actions

No SSH hosts configured yet.

Deploy a key to a remote host to add it here.

NETWORK SCANNER

Scan the lab network to discover hosts and services using nmap. Real-time output streams to the console below.

Quick Scan: Fast ping sweep to discover live hosts. No port scanning.
Standard Scan: Scans top 100 ports with service version detection. (~2-5 min)
Full Scan: All 65535 ports + scripts + OS detection. (~10-30 min)
Idle

Network Scan Output

IDLE
[READY] Nmap scanner initialized. Select a subnet and click Start Scan.

Scan History

ID | Subnet | Type | Status | Hosts Found | Started | Actions

HOST DEEP SCAN (SSH)

Perform deep system inspection on deployed SSH hosts. Gathers OS info, network config, running services, users, processes, and security settings via SSH.

Idle

SSH Scan Output

IDLE
[READY] SSH host scanner initialized. Select a host and click Start Host Scan.

Host Scan History

ID | Host | Username | Status | OS | Duration | Scanned At | Actions

KNOWN HOSTS

Register hosts in your environment with their roles. This provides context for AI analysis — it does NOT whitelist traffic.

IP Address | Hostname | Role | Trust Level | Source | Description | Actions

No hosts configured yet.

KNOWN SERVICES

Register expected services on hosts. Connections to unknown services will be flagged for review.

Host | Port | Protocol | Service Name | Description | Actions

No services configured yet.

WHITELIST RULES

Important: Whitelisted items are still analyzed and logged, but will not trigger alerts or escalate threat levels. Use with caution — this could result in missed attack detection.

Type | Value | Reason | Created | Status | Actions

No whitelist rules configured. That's usually a good thing!

RECONNAISSANCE RAG STATUS

The Recon RAG stores environment context that the AI queries during analysis. Documents are automatically ingested from scans and learning mode.

Environment Baseline: 0 (General host/service context)
Host Inventory: 0 (Detailed host information)
Service Inventory: 0 (Discovered services/ports)
Traffic Patterns: 0 (Baseline traffic data)
Security Config: 0 (Firewall/SSH/security settings)

Total Documents: 0
Last Full Ingestion: Never

Ingestion Settings

minutes

How often to auto-ingest data during learning mode capture

Manual Ingestion

Scans are auto-ingested on completion. Use these for manual control.

Ingestion Log

No ingestion history yet. Logs appear here after ingestion operations.

Query RAG

Select collections and enter a query to search the vector store.